Security

(public)

User Story

The object returned from init() in an implementation of nsIDOMGlobalPropertyInitializer should be a different object implementing only the API to be exposed, and nothing more.
If the XPCOM object itself is returned -- and note that returning anything from init() also causes the XPCOM object to be used -- it is possible to QI into that object and, for example, call init() again, which might not be safe.